XML Injection Vulnerability in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras

CVE-2015-6970 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.

Learn more about our Web App Pen Testing.